Jobs Act and technological controls, what really changes?

by Avv. V. Frediani – Official Gazette in hand, a scenario of how the technocontrol updated to the Jobs Act will affect the life of the worker and the company.

Rome – After theapproval of the Council of Ministers last September 4, were finally published in the Official Gazette, the implementing decrees of the Jobs Act. Among the most debated points, certainly the one relating to the measures concerning the remote control of workers.

In the Legislative Decree of 14 September 2015, n.151, containing "Provisions for the rationalization and simplification of procedures and obligations for citizens and businesses and other provisions on employment relationships and equal opportunities“, atarticle 23, amending the art. 4 of law 20 May 1970, n.300, we read:

“The audiovisual systems and other instruments which also give rise to the possibility of remote monitoring of the workers' activity may be used exclusively for organizational and production needs, for safety at work and for the protection of company assets and may be installed subject to a collective agreement stipulated by the unitary trade union representation or by the company union representatives. Alternatively, in the case of companies with production units located in different provinces of the same region or in several regions, this agreement can be stipulated by the comparatively most representative union associations at national level. In the absence of an agreement, the systems and tools referred to in the previous period can be installed with the prior authorization of the Territorial Labor Directorate or, alternatively, in the case of companies with production units located in the areas of competence of several Territorial Labor Directorates, the Ministry of Labor and Social Policies“.

This is followed by the passage in the center of the lawsuits, which states that this provision

“it does not apply to the tools used by the worker to render work and to the tools for recording access and attendance“. The text continues by stating that "the information collected pursuant to the first and second paragraphs can be used for all purposes related to the employment relationship provided that the worker is given adequate information on how to use the tools and carry out the checks and in compliance with the provisions of legislative decree 30 June 2003, n. 196“.

First of all, the first paragraph sees an introduction that until now had been the object of evaluation exclusively in courtrooms: the possibility of using audiovisual systems and other tools with purpose of protecting corporate assets. Appearance is not insignificant. In fact, over the years, jurisprudence has fluctuated over the belief that the adoption of indirect remote control solutions for workers could take place for reasons functional to the protection of company assets only in the event of violations or ascertained risks for the assets themselves.
From the formulation of the current paragraph, the element of protection of company assets appears to be assessable in a totally discretionary way by the employer.
Secondly, it should be noted that the legislator is not going to include audiovisual systems in the second paragraph, we must consider them absolutely excluded from being able to be adopted outside the provisions of the first paragraph, or collective agreement or appeal to the territorial labor directorate. For video surveillance, in essence, absolutely nothing changes following the change in the legislator.

On the other hand, there are instruments hitherto penalized in their adoption, precisely in consideration of the limits set out in article 4, for which the regulatory landscape changes completely. Think of geolocation systems rather than biometrics (without prejudice to the balance of interests of the Guarantor).
Let's go back to analyzing the second paragraph, which grants the employer freedom to adopt the tools if used by the worker to render work. The paragraph does not contain any reference to necessity of the tool to render work performance: from here a considerable interpretative world can be opened. It is the employer's side that decides how the work must be carried out, managed and organised. And it is always the employer who identifies the ways in which the worker must perform the work performance: from this derives an apparent freedom to insert tools such as GPS, biometrics and, as we will see shortly, all the technological tools from which remote control can derive, suitable for making the work performance (perhaps not essential, but functional to make it by simplifying or optimizing aspects of organization and production).

Certainly ICT managers can breathe a sigh of relief who, until now, have faced problems in adopting solutions aimed at monitoring user navigation with the aim of preventing IT attacks, rather than theft of man-time. If, until yesterday, the inclusion of this type of control in the IT Regulation (in line with the auspices of the Guarantor Authority for the Protection of Personal Data dating back to 2007) could be subordinated to an obligatory step before the trade union representation, today it does not seem to have to depend on this step. The use of smartphones, from which remote control via application or MDM may derive, which together with other functions involve the geolocation of the employee, will not be subject to any restrictions.

Remains the entire BYOD world is excluded from this hypothesis [editor's note: Bring your own device, Bring your own device]. The promiscuity of the purposes of use of the device, i.e. for purposes of a personal and professional nature, makes its use to render professional services outside the regulatory provisions, being used also to achieve purposes of a non-work nature.

The continuation of the paragraph, which mentions the non-application of the first paragraph to the adoption of tools for recording accesses and attendance, may also lead to significant changes with reference to the use of the badge. Considering the access of the worker in a broad sense, and not providing any clarification to the legislator, we can believe that any access to the smoking areas, rather than to the changing rooms, to the canteen, still constitutes a datum subject to control by the employer. No clarification can be drawn from the paragraph, or from the preliminary documents, regarding theinterpretation of the concept of access, translatable not only as access to work premises in the perimeter sense, but as access points which, within the corporate perimeter, could characterize movement in diversified areas. I challenge you to interpret this bland and concise (too much) paragraph in a different way compared to the multitude of cases that it could regulate.

The only limit indicated by the legislator, or better remembered by the legislator in the third paragraph, is compliance with information requirements with a reference to the legislative decree 196 of 2003, the so-called Privacy Code, according to which the elements that the employer will collect, in compliance with the first and second paragraph of article 4, can be used for all purposes related to the employment relationship. This is provided that the worker is provided with information on how to use the tools and the consequent controls. Information which, in accordance with the rationale of the Privacy Code, must be provided prior to treatment of the employee data that can be implemented.

Having therefore overcome the rift between supporters or otherwise of the reform of Article 4, today we are faced with a text which, with the second paragraph, raises enormous questions. The interpretative opportunities, and the application scenarios that it can regulate are so broad as to probably generate, once again, jurisprudential positions that do not always coincide.

At this point it's time for company audits: analyze the tools they are using, those they will want to invest in and how to carry out checks. The priority will be to map the state of affairs, ascertain the regulatory adequacy and proceed to "regularize" and conform everything to the new version of art. 4. All bearing in mind that the companies must be aware that any control must in any case respect the purposes of use referred to in the first paragraph, or adopt instrumentsexclusively for organizational and production needs, for occupational safety and for the protection of company assets. Even if, frankly, both the concept of organizational and production needs, and that relating to the protection of company assets, lend themselves to being a redeeming element with respect to the violation of art. 4, often being able to justify itself in the event of technological evolution.
That said, the world must also move forward! Of course, the legislator could have made it go ahead with a few more clarifications…

Lawyer Valentina Frediani
Founder Colin & Partners

Related news: Remote control. Decree published